Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't call SSL_shutdown() when receiving SSL_ERROR_SYSCALL or SSL_ERROR_SSL #3577

Merged
merged 4 commits into from
Jul 5, 2023
Merged

Don't call SSL_shutdown() when receiving SSL_ERROR_SYSCALL or SSL_ERROR_SSL #3577

merged 4 commits into from
Jul 5, 2023

Conversation

trengginas
Copy link
Member

This is to fix #3576.
Before calling SSL_shutdown(), a check to SSL_ERROR_SYSCALL and SSL_ERROR_SSL is required.

@trengginas trengginas added this to the release-2.14 milestone May 24, 2023
@trengginas trengginas self-assigned this May 24, 2023
sauwming
sauwming reviewed May 24, 2023
View reviewed changes
pjlib/src/pj/ssl_sock_ossl.c Outdated

static void ssl_reset_sock_state_with_error(pj_ssl_sock_t* ssock, pj_bool_t check_error)
{
ossl_sock_t* ossock = (ossl_sock_t*)ssock;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor: our PointerAlignment is actually Right, i.e. see the initial code:
ossl_sock_t *ossock = (ossl_sock_t *)ssock

pjlib/src/pj/ssl_sock_ossl.c Outdated
@@ -1706,12 +1711,21 @@ static void ssl_reset_sock_state(pj_ssl_sock_t *ssock)
* Avoid calling SSL_shutdown() if handshake wasn't completed.
* OpenSSL 1.0.2f complains if SSL_shutdown() is called during an
* SSL handshake, while previous versions always return 0.
* Don't send notify when the last error is SSL_ERROR_SYSCALL or SSL_ERROR_SSL.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Replace send notify with call SSL_shutdown().

Yes, SSL_shutdown() will send notify, but it's only one of the steps.
`Note that SSL_shutdown() must not be called if a previous fatal error has occurred on a connection i.e. if SSL_get_error() has returned SSL_ERROR_SYSCALL or SSL_ERROR_SSL.

The shutdown procedure consists of two steps: sending of the close_notify shutdown alert, and reception of the peer's close_notify shutdown alert. The order of those two steps depends on the application.`
https://www.openssl.org/docs/manmaster/man3/SSL_shutdown.html

Also change the boolean below.

@trengginas
Modification based on comments
6a7e59e 
- change pointer alignment
- change comments and variable name
@creslin2877
Copy link
Contributor

creslin2877 commented May 24, 2023
edited
Loading

The only concern I have is that last_err might be set from an ssl_write context while ssl_read is being executed (due to concerns brought up in #3575). I just pushed my patch up for it, so we'll probably have a merge conflict to deal with whenever your branch or mine goes in, but in any case, I think the locking in the fix for #3575 will make things a bit better.

Oh, we also need to do this check on the results from the SSL_read() in pjlib/src/pj/ssl_sock_ossl.c, anywhere else libssl might return these errors.

@sauwming
Copy link
Member

Since #3583 has been integrated, you can merge with the latest master to resolve the conflict.

creslin2877
creslin2877 suggested changes Jun 1, 2023
View reviewed changes
Copy link
Contributor

@creslin2877 creslin2877 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As mentioned in my previous comment, we need to cover the case where we get an SSL_ERROR_SSL from the SSL_read() function too.

@sauwming sauwming mentioned this pull request Jun 2, 2023
Merged
@sauwming
Copy link
Member

sauwming commented Jun 5, 2023
edited
Loading

As mentioned in my previous comment, we need to cover the case where we get an SSL_ERROR_SSL from the SSL_read() function too.

Since, after merging, it now already uses the locking in ssl_read(), let us know if there are further modifications required, @creslin2877 .

@sauwming
Copy link
Member

@creslin2877, let us know if there's any issue with the latest patch, so we can merge it for 2.13.1.

@sauwming
Copy link
Member

I just realised that the addition of ssl_reset_sock_state_with_error() will break other SSL backends. Can we avoid modifying the internal API?

@creslin2877
Copy link
Contributor

I think you've covered the case that triggered my concern. Thanks!

@sauwming sauwming merged commit 8e69c97 into master Jul 5, 2023
@sauwming sauwming deleted the ssl_shutdown_check_error branch July 5, 2023 03:38
sauwming pushed a commit that referenced this pull request Jul 5, 2023
@trengginas @sauwming
Don't call SSL_shutdown() when receiving SSL_ERROR_SYSCALL or SSL_ERR…
806b7c2 
…OR_SSL (#3577)
@sauwming sauwming modified the milestones: release-2.14, release-2.13.1 Jul 5, 2023
sauwming added a commit that referenced this pull request Aug 4, 2023
@sauwming
Merge with current master after #3577
cc1a4e6
dshamaev-intermedia pushed a commit to intermedia-net/pjproject that referenced this pull request Sep 4, 2023
@trengginas @dshamaev-intermedia
Don't call SSL_shutdown() when receiving SSL_ERROR_SYSCALL or SSL_ERR…
f80e081 
…OR_SSL (pjsip#3577)

(cherry picked from commit 806b7c2)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@creslin2877 creslin2877 creslin2877 requested changes

@sauwming sauwming sauwming approved these changes

@nanangizz nanangizz nanangizz approved these changes

Assignees

@trengginas trengginas

Labels
component: pjlib
Projects
None yet
Milestone
release-2.13.1
Development

Successfully merging this pull request may close these issues.

Potentially improper use of SSL_shutdown() when receiving SSL_ERROR_SYSCALL or SSL_ERROR_SSL
4 participants
@trengginas @creslin2877 @sauwming @nanangizz